
Clobber HTML in URL/subreddit inputs.

1 parent b95eb0d commit 35256c46f8db6760c0ad2daef9c77a05bc98c632 @chromakode chromakode committed Jul 16, 2012
Showing with 8 additions and 2 deletions.
  1. +8 −2 js/tv.js
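--- a/js/tv.js
+++ b/js/tv.js
@@ -831,7 +831,7 @@ function togglePlay(){
 function addChannel(subreddit){
 var click;
 if(!subreddit){
- subreddit = encodeURIComponent($('#channel-name').val());
+ subreddit = stripHTML($('#channel-name').val());
 click = true;
 }
 if(!getChan(subreddit)){
@@ -895,6 +895,7 @@ function checkAnchor(){
 }else{
 var anchor = Globals.current_anchor.substring(1);
 var parts = anchor.split("/"); // #/r/videos/id
+ parts = $.map(parts, stripHTML);
 if(parts[1] === 'promo'){
 loadPromo(parts[2], parts[3], parts[4]);
 }else{
@@ -981,9 +982,14 @@ Object.size = function(obj) {
 return size;
 };
+
+function stripHTML(s) {
+ return s.replace(/[&<>"'\/]/g, '');
+};
+
 /* analytics */
 function gaHashTrack(){
 if(_gaq){
 _gaq.push(['_trackPageview',location.pathname + location.hash]);
 }
-}
+}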
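Review bot: `stripHTML` (third hunk) is a character denylist, and in `addChannel` it replaces `encodeURIComponent`, so the typed channel name now keeps `?`, `#`, `%` and spaces while only six HTML-significant characters are deleted. That covers HTML text and quoted-attribute sinks, but not a value that is later concatenated into a request URL or a script context, and those sinks are outside the visible hunks. An allowlist is the more robust shape, for example `return s.replace(/[^\w+-]/g, '');`, assuming channel names, video ids and promo arguments only need letters, digits, `_`, `+` and `-` (to be confirmed against `loadPromo`), with escaping still applied where the values are written into the DOM. The helper also deserves a comment such as `// Deletes (does not escape) HTML-significant characters; not a URL encoder.` since the name suggests tag stripping. The bodies of `addChannel` and `checkAnchor` continue outside the hunks.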
